The one problem with LANs is that they're, well, local. A LAN doesn't traditionally extend beyond the physical boundaries of a data center, or at least a corporate campus. For many applications and services this isn't a problem, and WAN connectivity between data centers and campuses does the job just fine. However, not all services are created equal, and certain functions simply can't be pushed through a traditional routed WAN. For instance, you can't migrate a running VM from one data center to another and have it maintain network connectivity.

Or can you?

Last week, Cisco walked me through a demonstration of Cisco OTV (Overlay Transport Virtualization), a novel approach to connecting remote data centers at layer 2 while skipping some of the pitfalls normally associated with such an endeavor. The tech is deceptively simple -- elegant, in fact -- but as with any cutting-edge technology, there are some gotchas.

At its core, Cisco OTV is simply a way for far-flung Cisco Nexus 7000 switches to share MAC address tables. Normally, if you have two or three data centers, for example, each exists as a layer-2 island with its own set of VLANs, spanning-tree, and so forth. Extending one of those networks into another data center generally runs into issues related to broadcast storms, spanning-tree loops, and other problems that aren't generally at issue within a local switched LAN but can be disastrous if propagated across expensive and lower-bandwidth WAN links. In short, it's generally more trouble than it's worth. That's where OTV comes in.

No LAN is an island

The implementation is quite simple: A switch running at each data center has a trunked interface to the local switched LAN and plays on all VLANs relevant to the data center extension. On the other side is a link to the WAN transport to all of the other data centers. That WAN link could conceivably be any flavor, but it will need to be OC-12 or better to make good use of OTV. With a few commands, a pseudo interface is created on the switch, and a group access address range is specified. At that point, the switch begins receiving MAC table updates from the other participating switches and transmitting its own. It also begins answering requests on the local LAN segment for the remote MAC addresses it has learned, essentially proxying those addresses.

When an OTV switch receives a frame destined for another data center, it encapsulates it in a normal IP packet and transmits it over the WAN to the data center where that destination MAC resides. On the receiving end, the local OTV switch strips the encapsulation and drops the frame on the appropriate VLAN as if nothing ever happened. The sending and receiving hosts never know that they are in different data centers, or that a WAN link was involved at all.

The underlying table information and routing transport for this scenario is a pretty neat adaptation of existing technology. Cisco is leveraging some of the capabilities of the IS-IS (Intermediate System to Intermediate System) routing protocol to make this happen, although the IS-IS configuration is completely under the covers. It really is only about five commands to add a data center to the mix, although the necessary configuration of the Nexus 7000 switches might be a bit more involved.
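To make the forwarding behavior described above concrete, here is a small Python model of two OTV edge switches sharing MAC tables and carrying frames across the WAN inside IP packets. It is an added illustration, not Cisco code; the join IPs, port names, the flat "advertise to peers" control plane (standing in for IS-IS) and the rule that frames for unknown MACs are dropped rather than flooded over the WAN are modeling assumptions.

```python
from dataclasses import dataclass


@dataclass
class Frame:
    vlan: int
    dst_mac: str
    src_mac: str
    payload: bytes


@dataclass
class OtvPacket:
    """An Ethernet frame carried inside a plain IP packet over the WAN (modeled header)."""
    src_ip: str
    dst_ip: str
    frame: Frame


class OtvEdge:
    """One OTV edge switch: learns local MACs, shares them with peers, encapsulates."""

    def __init__(self, join_ip, extended_vlans):
        self.join_ip = join_ip                   # assumed WAN-facing address of this site
        self.extended_vlans = set(extended_vlans)
        self.mac_table = {}                      # (vlan, mac) -> ("local", port) | ("remote", peer_ip)
        self.peers = []

    def peer_with(self, other):
        self.peers.append(other)
        other.peers.append(self)

    def learn_local(self, vlan, mac, port):
        self.mac_table[(vlan, mac)] = ("local", port)
        if vlan in self.extended_vlans:          # only extended VLANs are advertised
            for peer in self.peers:              # control-plane update (IS-IS in the real product)
                peer.accept_advert(vlan, mac, self.join_ip)

    def accept_advert(self, vlan, mac, peer_ip):
        if vlan in self.extended_vlans:
            self.mac_table[(vlan, mac)] = ("remote", peer_ip)

    def forward(self, frame):
        """Decide what happens to a frame arriving from the local LAN."""
        kind, where = self.mac_table.get((frame.vlan, frame.dst_mac), (None, None))
        if kind == "local":
            return ("local", where)
        if kind == "remote":
            return ("overlay", OtvPacket(self.join_ip, where, frame))
        return ("drop", None)                    # unknown unicast is not flooded over the WAN (assumed)

    def receive_wan(self, packet):
        """Strip the encapsulation and hand the frame to the local port owning the MAC."""
        if packet.dst_ip != self.join_ip:
            return ("drop", None)
        kind, port = self.mac_table.get((packet.frame.vlan, packet.frame.dst_mac), (None, None))
        return ("local", port) if kind == "local" else ("drop", None)
```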